long-context-shell

Security checks across malware telemetry and agentic risk

Overview

This is a powerful but transparent shell-runner skill whose command execution, background sessions, and local log files match its stated purpose.

Install only if you want an agent-accessible tool that can run real shell commands. Review commands before they run, require explicit approval for destructive or privileged operations, stop background sessions when finished, and clean temp logs if commands or output may include private paths, tokens, or other sensitive data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium, 89% confidence
This skill is explicitly designed to run arbitrary shell commands, and the code executes the provided command via `/bin/sh -lc` or `powershell.exe -Command` without any in-band user-facing warning, consent checkpoint, or trust boundary enforcement in the execution path. In the context of an agent skill, that makes prompt-influenced or misrouted input especially dangerous because it can directly lead to command execution on the host, with only a narrow denylist of 'dangerous' commands that is easily bypassed.

Missing User Warnings

Medium, 94% confidence
The worker logs the full command string to a file (`command=${session.command}`), which can persist secrets, tokens, file paths, personal data, or other sensitive operational context in `/tmp`-backed storage without any disclosure or minimization. Because this skill is built for long-running shell tasks and log inspection, the context increases the likelihood that sensitive arguments and outputs will be retained and later exposed to other processes, users, or debugging workflows.

VirusTotal

65/65 vendors flagged this skill as clean.